Finding PII in a haystack of data

When it comes to classifying large amounts of data, government agencies are no different from health care and financial companies that handle personally identifiable information.

To help agencies better secure their data, Veritas Technologies has introduced the Integrated Classification Engine, a solution that scans the enterprise and tags data to ensure that sensitive or risky information is properly managed and protected.

The engine includes more than 100 preconfigured patterns for recognition of credit cards, medical records and other forms of PII. It also includes more than 60 policies -- including the Health Insurance Portability and Accountability Act and the European Union’s General Data Protection Regulation standards -- so users can comply with data protection standards around the world.

"In the past, organizations did not have an easy button approach to classifying their data...from a regulatory standpoint," Zachary Bosin, director of solutions marketing at Veritas, told GCN. "We are arming organizations with the right level of visibility to start to understand the extent of their PII challenges and make decisions -- as opposed to dealing with an overgrown haystack."

The Integrated Classification Engine is the culmination of Veritas' efforts to help agencies comply with the Managing Government Records Directive issued by the Office of Management and Budget and the National Archives and Records Administration in 2012. The directive requires federal agencies to manage all permanent electronic records in an electronic format by the end of 2019.

"This is one of the first tools in the market to give organizations the ability to better understand their data and make decisions about it regardless of the content type," Bosin said.

On a global scale, Veritas is also planning to help government agencies and companies prepare for the European Union's General Data Protection Regulation, which goes into effect on May 25, 2018. According to a Veritas survey, 31 percent of respondents who do business with the EU think they are ready to comply with the regulation, but only 2 percent were able to answer questions designed to show that they are in compliance.

Bosin said the regulation might also affect U.S. government agencies that store data on EU residents.

"In the EU, residents will soon have the right to own their data...so there is no safe-harbor agreement that agencies can make with European data protection authorities," Bosin said. "If you are managing data on EU residents, then you are subject to the guidelines...and penalties that are outlined."

The Integrated Classification Engine is available now in Veritas Data Insight 6.0 and will be available with the company's Enterprise Vault 12.2 in August.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.